This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Vundo Trojan begins sending out ransomware

Share this article:

The Vundo Trojan has changed its output from scareware to ransomware.

 

Alex Lanstein from the FireEye Malware Intelligence Lab revealed that the authors of Vundo have been pushing a piece of malware that encrypts various personal file types such as pdf, doc and jpg on your system, and ‘coincidentally' push a program called FileFix Pro 2009 which would decrypt them for a fee.

 

Lanstein said: “Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of internet malware.”

 

He explained that Vundo is a generic Trojan that is well known for pushing scareware popups for things such as XPAntiVirus and WinFixer. However in this case it was pushing a popup that ended up being a Trojan, which encrypted all the documents and rendered them unreadable on your system.

 

On the webpage for the ‘fix' at FileFixPro.com, download options are given which Lanstein revealed use server-side polymorphism (or perhaps a ton of binaries) to give a different executable every time it is downloaded. He said: “I assume this is to aggravate anti-virus detection, which appears to be working.”

 

He explained that a member of the FireEye team wrote a script to decrypt files, and in the coming days a tool will be released that can be downloaded that will decrypt all the affected files on your system.

 

 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Home Depot card data breach undetected for four months

Home Depot card data breach undetected for four ...

The Home Depot card data breach may have continued for longer than the Target attack late last year, according to new reports.

Microsoft closes Trustworthy Computing as part of layoff strategy

Microsoft closes Trustworthy Computing as part of layoff ...

In a surprise move, Microsoft has effectively closed its Trustworthy Computing (TwC) Group as part of the loss of 2,100 jobs in a restructuring plan announced late last week.

More celebrity pictures revealed: Apple and FBI investigating

More celebrity pictures revealed: Apple and FBI investigating

Celebgate 2: a depressing weekend for some celebrities as more hacked pictures leaked from iCloud.